Struts@2.3.20.3 Security Vulnerabilities and Issues — Struts@2.3.20.3 CVE List

Lucene search

ApacheStruts2.3.20.3

7 matches found

CVE•added 2016/07/04 10:59 p.m.•89 views

CVE-2016-4438

The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression.

9.8CVSS9.4AI score0.53496EPSS

CVE•added 2016/07/04 10:59 p.m.•77 views

CVE-2016-4430

Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.

8.8CVSS8.5AI score0.03212EPSS

CVE•added 2016/10/03 3:59 p.m.•74 views

CVE-2016-4436

Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up.

9.8CVSS8.5AI score0.06115EPSS

CVE•added 2016/06/07 6:59 p.m.•68 views

CVE-2016-3093

Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors.

5.3CVSS5.3AI score0.04652EPSS

CVE•added 2016/07/04 10:59 p.m.•64 views

CVE-2016-4465

The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field.

5.3CVSS5.3AI score0.13342EPSS

CVE•added 2016/07/04 10:59 p.m.•60 views

CVE-2016-4433

Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request.

7.5CVSS7.7AI score0.10632EPSS

CVE•added 2016/07/04 10:59 p.m.•54 views

CVE-2016-4431

Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method.

7.5CVSS7.8AI score0.22062EPSS